messages in /var/log/message file

messages in /var/log/message file

[Arindam Haldar]

hi all,
im using RH7.3 with kernel 2.4.19 and have migrated to iptables 1.2.7a.
earlier it was kernel 2.4.19 with iptables 1.2.6a..
everything went ok but since using the newer version of iptables am 
getting this messages in /var/log/message file...

Oct  9 12:25:24 ICG kernel: NET: 5 messages suppressed.
Oct  9 12:26:31 ICG kernel: NET: 1 messages suppressed.
Oct  9 12:26:31 ICG kernel: ip_conntrack: max number of expected 
connections 1 of ftp reached for <ipA> -> <ipB>, reusing
Oct  9 12:27:12 ICG kernel: ip_conntrack: max number of expected 
connections 1 of ftp reached for <ipA> -> <ipB>, reusing

these messages are piling the message file.
am cusrious now why so ?.. what does this message signify ?
earlier verion of iptables never gave any error & the only difference in 
compling new iptables(1.2.7a) is that this time its compiled for using 
module ip_nat_h323.o
Awaiting a reply very anxiously
A.H

Re: messages in /var/log/message file

[Maciej Soltysiak]

> these messages are piling the message file.
> am cusrious now why so ?.. what does this message signify ?
Read the FAQ, and then increase your /proc/net/ip_conntrack_max

Best Regards,
Maciej Soltysiak

Re: messages in /var/log/message file

[Arindam Haldar]

hi
thanx for responding. some info to you all...
the linux box with 2.4.19 kernel & iptables 1.2.7a has 768mb ram its 
ip_conntrack_max shows 48632.
moreover the ip(=>> ipA) in the message file is a valid ip and not a 
private one & its going to a valid ip in internet.
the very interesting & confusing part for me(& hope for others?? ) is 
why a day ago with iptables 1.2.6a there was no error message ???.. as i 
mentioned in last mail the only difference is that i have as module--> 
ip_nat_h323.o & also ipt_helper.o
one last info to add here---why only this message for >>ipA<< when the 
box is handling more than 500 valid ip & above 200 private ip( of 10 
series),..slabinfo shows...
ip_conntrack        5150   6660    320  490  555  1

pls i need help to know where things went wrong for me.. if someone else 
have experienced the same can they give their experience/suggestions ??
thanx in anticipation...
A.H

Maciej Soltysiak wrote:
 >>Oct  9 12:25:24 ICG kernel: NET: 5 messages suppressed.
 >>Oct  9 12:26:31 ICG kernel: NET: 1 messages suppressed.
 >>Oct  9 12:26:31 ICG kernel: ip_conntrack: max number of expected 
 >>connections 1 of ftp reached for <ipA> -> <ipB>, reusing
 >>Oct  9 12:27:12 ICG kernel: ip_conntrack: max number of expected 
 >>connections 1 of ftp reached for <ipA> -> <ipB>, reusing
>>these messages are piling the message file.
>>am cusrious now why so ?.. what does this message signify ?
> 
> Read the FAQ, and then increase your /proc/net/ip_conntrack_max
> 
> Best Regards,
> Maciej Soltysiak
> 

Re: messages in /var/log/message file

[Jozsef Kadlecsik]

On Wed, 9 Oct 2002, Arindam Haldar wrote:

> Oct  9 12:26:31 ICG kernel: ip_conntrack: max number of expected
> connections 1 of ftp reached for <ipA> -> <ipB>, reusing
> Oct  9 12:27:12 ICG kernel: ip_conntrack: max number of expected
> connections 1 of ftp reached for <ipA> -> <ipB>, reusing
>
> these messages are piling the message file.
> am cusrious now why so ?.. what does this message signify ?

It means, that the FTP client in question sends new PORT/PASV commands
without establishing the data channel. The ip_conntrack_ftp module
registers the new request by overwriting the previous one and logs the
problem.

Regards,
Jozsef
-
E-mail  : kadlec@blackhole.kfki.hu, kadlec@sunserv.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary